Cyber War Incoming: Banks Warned

UK banks have been warned by the Financial Conduct Authority that they need to make sure their security measures are updated and robust enough to withstand a cyber attack.

The warning comes as experts predict that a full-blown cyber war with Russia could happen, with the potential for hackers to take down online banking services completely as well as potentially prevent access to key medical services and fuel.

With millions of customers now relying on digital banking services for access to their money, the FCA has urged all banks in the UK to tighten their security measures, at the same time as US authorities have made similar warnings to banking institutions across the pond.

FCA’s five-step plan

The FCA has set out a five-step plan for banks and other businesses to make sure they are prepared for any potential cyber-attacks:

1. Cyber Security

Banks must review their own ability, and that of any third-party service providers that they work with, to withstand any cyber attack. Banks need to make sure they have adequate staff to deal with the increased risk of cyber attacks, as well as make sure that any security controls are strengthened, that existing staff are aware of any relevant dangers, and that third-party dependencies are reviewed to make sure any partners don’t expose customers to risk.

2. Business Services

Banks must look at whether potential sanctions (imposed either on the UK, the EU or the US) would impact their ability to deliver any important business services, or the ability of a third-party provider that the bank works with, and where possible mitigate that risk.

3. Business Continuity

Firms need to make sure that they have formal plans in place for business continuity and incident management. Any existing processes need to be checked and updated where necessary so that any responses are effective enough for banks to meet their regulatory obligations.

4. Incident Reporting

Banks and other financial firms are being urged to report any incidents to the FCA and other relevant bodies as soon as possible, to mitigate the risks to consumers and allow the FCA to support where necessary.

5. False Information

All financial firms need to be vigilant to protect consumers and businesses from any false information that may be spread as part of a cyber attack. Banks must make sure they have a robust and clear plan in place that is available to help ensure customers are safe and the market integrity is protected.

AI Attack Potential

Along with attacks on services, US authorities have also warned that banks may be subject to attacks on any AI tools they use. Many financial institutions use machine-learning software to manage trading platforms and make predictions on the market.

Attacks on these tools could see markets swayed with false information about business takeovers or market volatility. This could impact consumers’ and business’ investments as funds are manipulated by cyber attacks from a foreign agent.

Machine-learning tools are still relatively in their infancy, so banks are being urged to focus on protecting them as much as possible due to their vulnerability.